- 최신
- 최다 투표
- 가장 많은 댓글
To inspect suspicious traffic to the instance metadata service, I would check VPC Flow Logs. Those would have network connectivity that you could see if there are suspicious network traffic to the EC2 instance metadata service.
AWS GuardDuty comes with a VPC Flow Log Finding: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html#unauthorizedaccess-ec2-metadatadnsrebind (Keep in mind AWS GuardDuty does have a cost associated with the service: https://aws.amazon.com/guardduty/pricing/).
I would also recommend using IMDSv2 if possible which is a session-based method compared to request/response of IMDSv1: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
VPC Flow Logs: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
관련 콘텐츠
- AWS 공식업데이트됨 2년 전